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Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings, of claims in 
the application: 

Listing of Claims: 

1-12. (Canceled) 

14-25. (Catxceled) 

16- (New) A distributed subscriber management system comprising: 

a plurality of user networks, each user network connecting a respective group of 
users; 

an integrated access device interposed between said plurality of user networks 
and an access network; and 

a plurality of external networks connected to said access network, each said 
external network having an authentication server; 

wherein said integrated access device comprises a set of at least two 
authentication clients shared by said plurality of user networks and operable to 
authenticate data miits received from users belonging to any of said user 
networks and destined to any of said external networks. 

27. (New) The distributed subscriber management system of claim 26 further including 
means for centralized access control between said user networks. 

28- (New) The distribute subscriber management system of claim 26 further comprising a 
secure data-unit labeling system associated with said integrated access device for marking 
data units received from said user networks to produce marked data units so that each said 
mai'ked data unit destined to a specific external network from among said plurality of external 
networks becomes illegible to any other of said external networks. 

29. (New) The distributed subscriber management system of claim 26 wherein said set of at 
least two authentication clients uses a Remote Authentication, Dial -in User Service 

(RADnjS) prptocoK 
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30. (New) The distributed subscriber management system of claim 26 further including, in 
said integrated access device, means for: 

receiving a data unit from a user located on one of said plurality of user networks; 
interrogating said user for access information; 

encrypting said access information at said access control node prior to transmitting the 
access information to an authentication server; and 

decrypting the access informatioa at the authentication server. 

31. (Nevi^) The distributed subscriber management system of claim 26 wherein said pJurality 
of user networks includes a first number of user networks, said set of at least two 
authentication clients includes a second number of authentication clients, and said first 
number is unequal to said second number. 

32. (New) An integrated access device comprising: 

a user-network interface connecting to a plurality of user networks to receive data 
units from said plurality of user networks; 

at least two authentication clients operalively connected to said user network interface 
for authenticating and authorizing data units received from said plurality of \iser 
networks; and 

an external-network interface operatively connected to said at least two authentication 
clients and to an access network, said external-network interface operable to forward a 
data unit authorized by any of said at least two authentication clients to an external 
network from among a plurality of external networks connected to said access 
network. 

33. (New) The integrated access device of claim 32 further co^^)rising means for allocating 
discrete bandwidth levels to at least one of said user networks. 

34. (New) The integrated access device of claim 32 further comprising: 

means for service-level enforcing; 
means for network-resource management; 
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means for collecting usage statistical usage; aj)d 
means for alarm monitoring. 

35. (New) The integrated access device of claim 32, farther comprising at least one of the 
following: 

a password authentication protocol client; 

a challenge handshake authentication protocol client; 

a teiTninal-access controller-access control system client; and 

a remote authentication dial-in user service protocol client- 

36. (New) The integrated access device of claim 32 further comprising means for controlling 
admission to each of said user networks of users from each other user network of said 
plurality of user networks, 

37. (New) The integrated access device of claim 32 wherein the user network interface 
includes a plurality of ingress cards and the external network interface includes an egress 
card. 

38. A method of distributed subscriber management in a data network, the method 
comprising: 

receiving, at a shared access device interposed between a plurality of user networks 
and an access network, data units from said plurality of user networks; 

authenticating, at said shared access device, user data received from said plurality of 
user networks, by means of a plurality of shared RADIUS clients residing in said 
shared access device, prior to transmitting said user data through said access network; 

allocating, by said shared access device, discrete bandwidth levels to individual user 
networks from among said plurality of user networks; 

enforcing, by said shared access device, said discrete bandwidth levels; and 

collecting, by said shared access device, statistics on traffic traversing said access 
network. 
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39. The method of claim 38 wherein at least one of said data units is sent through said access 
network to a RADIUS server associated with an external ne^vork from among a plurality of 
exiemal networks, 

40. The method of claim 39 including a further step of encrypting said at least one of said 
data units prior to said transmitting. 

41. The method of claim 38 including a further step of controUing access between said user 
networks. 



Page 5 of 13 



PA(XS!13'RCVDAT4f3/200611:S7:30AM [Eastern Daylight Timel'SVRiUSPTO^Fm 



